- From: Alan J. Flavell <flavell@a5.ph.gla.ac.uk>
- Date: Tue, 15 Dec 1998 21:34:18 +0000 (GMT)
- To: Chris Kreussling <CHRIS.KREUSSLING@ny.frb.org>
- cc: w3c-wai-gl@w3.org
On Tue, 15 Dec 1998, Chris Kreussling wrote: > While it may not be true of the majority of readers of this list, > I believe most authors have no control over their server settings. > They don't have their own domain name; they're hosted as a user > web under their web presence provider. They have neither the > authority, skills, nor inclination to modify server settings. May I speak to this point? While that's true, in as much as content providers who are in that situation wouldn't be able to influence the global settings of the server, there may very well be, in practice, ways for them to influence what the server does with their own documents. I'm speaking specifically of the properties of the .htaccess file in Apache (the most popular server, as I understand it) or the equivalent on other servers. One contributor had already expressed the view that HTTP protocol offers some vital functionality, that can't be achieved by other means. I support that view. There are various possible reactions to that. One would be "oh, that's too arcane for page authors, and server providers won't help them with it, so let's try to do without that functionality entirely". Another would be "HTTP is a vital part of the operation of the WWW, let's try to educate page authors to know what they're entitled to expect, and raise the general level of awareness". At some threshold, providers would then get accustomed to page authors making reasonable demands, and the providers pointing them to the appropriate place in the documentation. I think you can see which kind of approach I tend to favour. I recall some occasions in the past where I've told a page author, via a usenet article, "try putting this in your .htaccess", and later getting a reply along the lines of "hey, that worked, and even my provider was surprised how easy it was once one knew what to do". Even if the author has neither the inclination nor the aptitude for doing this, it's the case that pages are increasingly published by authoring/publishing software. Already such publishing software is installing proprietary stuff at the server to perform this or that function. Can that software not also be programmed to apply best practices regarding configuration of the web server for appropriate HTTP responses? So I really think it would be a defeatist attitude to write off the idea of exploiting HTTP at this relatively early stage in the process, albeit one would need to respect that fact that some content providers might have difficulties in that area. As a postscript, it's intriguing to hear that more and more authors are getting the facility to provide their own CGI scripts - something that frankly would have me tearing my hair out when I see the sort of security exposures that inexperienced authors create, not just for themselves but indirectly for the whole server; and yet it seems they aren't allowed to tackle the simplest of tasks for enhancing their HTTP responses for simple pages. This is back-to-front from where I'm sitting. Hope that was useful; all the best
Received on Tuesday, 15 December 1998 16:34:23 UTC